Refreshed nDPI flow risk implementation

scripts/lua/modules/flow_risk_utils.lua

@@ -8,21 +8,27 @@ local flow_risk_utils = {}
 
 -- Keep in sync with ndpi_typedefs.h, table keys are risk ids as found in nDPI
 local id2name = {
-   [0] = "ndpi_no_risk",
-   [1] = "ndpi_url_possible_xss",
-   [2] = "ndpi_url_possible_sql_injection",
-   [3] = "ndpi_url_possible_rce_injection",
-   [4] = "ndpi_binary_application_transfer",
-   [5] = "ndpi_known_protocol_on_non_standard_port",
-   [6] = "ndpi_tls_selfsigned_certificate",
-   [7] = "ndpi_tls_obsolete_version",
-   [8] = "ndpi_tls_weak_cipher",
+   [0]  = "ndpi_no_risk",
+   [1]  = "ndpi_url_possible_xss",
+   [2]  = "ndpi_url_possible_sql_injection",
+   [3]  = "ndpi_url_possible_rce_injection",
+   [4]  = "ndpi_binary_application_transfer",
+   [5]  = "ndpi_known_protocol_on_non_standard_port",
+   [6]  = "ndpi_tls_selfsigned_certificate",
+   [7]  = "ndpi_tls_obsolete_version",
+   [8]  = "ndpi_tls_weak_cipher",
+   [9]  = "ndpi_tls_certificate_expired",
+   [10] = "ndpi_tls_certificate_mismatch",
+   [11] = "ndpi_http_suspicious_user_agent",
+   [12] = "ndpi_http_numeric_ip_host",
+   [13] = "ndpi_http_suspicious_url",
 }
 
 -- ##############################################
 
 -- Same as id2name, just with keys swapped
 flow_risk_utils["risks"] = {}
+
 for risk_id, risk_name in pairs(id2name) do
    flow_risk_utils["risks"][risk_name] = risk_id
 end